Re: [PATCH] drm/bridge: adv7511: fix race condition bug in adv7511_remove due to unfinished work
From: Zheng Hacker
Date: Wed Mar 15 2023 - 05:20:46 EST
<neil.armstrong@xxxxxxxxxx> 于2023年3月15日周三 17:08写道:
>
> Hi,
>
> On 08/03/2023 18:34, Zheng Wang wrote:
> > In adv7511_probe, adv7511->hpd_work is bound with adv7511_hpd_work.
> > If we call adv7511_remove with a unfinished work. There may be a
> > race condition where bridge->hpd_mutex was destroyed by
> > drm_bridge_remove and used in adv7511_hpd_work in drm_bridge_hpd_notify.
> >
> > Fix it by canceling the work before cleanup in adv7511_remove.
> >
>
> Can you add the relevant Fixes tag ?
>
Hi Neil,
Thanks for your reply and kind reminder. Sorry for my mistake. I'll
append more messages in the next version of patch.
Best regards,
Zheng
> Thanks,
> Neil
>
> > Signed-off-by: Zheng Wang <zyytlz.wz@xxxxxxx>
> > ---
> > drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
> > index ddceafa7b637..9bf72dd6c1d3 100644
> > --- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
> > +++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
> > @@ -1349,6 +1349,7 @@ static void adv7511_remove(struct i2c_client *i2c)
> > {
> > struct adv7511 *adv7511 = i2c_get_clientdata(i2c);
> >
> > + cancel_work_sync(&adv7511->hpd_work);
> > adv7511_uninit_regulators(adv7511);
> >
> > drm_bridge_remove(&adv7511->bridge);
>